Whenever network connections are made they have both an IP address and a "port". Each side of the connection will have this. The source port is usually viewed as the port on the side that originated the connection, and the destination port would be the port on the other side. However, if you look at the connection from one host, its side will appear to be the source port, and when you look at it from the other side, that side will appear to be the source.

Additionally "sockets" are used to do interprocess communication within a host so often both sides of the connection are on the same host (i.e. have the same IP address) but will have different ports.

If you run "lsof -i" on your box you'll see all active network/ports on your host.

In the last column (NAME) you see things in the form IP address, followed by a colon, followed by port. So in the last line above you see the "source" is the "ssh" port on IP 192.168.1.0 and the "destination" is port 1128 on IP 192.168.1.1. When you see a name rather than a number for the port, it means the port has been defined in the /etc/services file.

So your "source port" is 22 and your destination port is 1128. If you logged into the host at IP 192.168.1.1 and did the lsof there, it might show you the source is 1128 and the destination 22.

NOTE: The LISTEN line means that process is waiting for anything that requests port 22 and will establish a connection. Most daemons will have a LISTEN like this. Also, the "*" before the colon and port on that line means to LISTEN on any network connection. By default your system has 127.0.0.1 (localhost) and usually will have at least one NIC (e.g. eth0) but can have others - the "*" says to accept connections on any of those IP addresses.
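The NAME column format the answer walks through (local IP:port, "->" remote IP:port, state in parentheses, names taken from /etc/services) can be parsed mechanically. The script below is an added example, not from the thread: it runs over a constructed lsof -i listing shaped like the one described, maps service names back to numbers, and flags LISTEN sockets bound to "*" or a non-loopback address, which are the ones reachable from other hosts. The sample rows, the FALLBACK_SERVICES table and all function names are assumptions.

```python
import re
import socket
from collections import namedtuple

# Constructed sample of `lsof -i` output, shaped like the listing the post
# describes (the thread's own output is not on the page).
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1234 root    3u  IPv4  12345      0t0  TCP *:ssh (LISTEN)
sshd     5678 root    3u  IPv4  23456      0t0  TCP 192.168.1.0:ssh->192.168.1.1:1128 (ESTABLISHED)
master   2222 root   13u  IPv4  34567      0t0  TCP 127.0.0.1:smtp (LISTEN)
"""

# Used only if this host has no /etc/services for socket.getservbyname to read.
FALLBACK_SERVICES = {"ssh": 22, "smtp": 25}

Conn = namedtuple("Conn", "command proto local_host local_port remote_host remote_port state")

def port_number(token, proto):
    """lsof shows a name when the port is listed in /etc/services; map it back."""
    if token.isdigit():
        return int(token)
    try:
        return socket.getservbyname(token, proto.lower())
    except OSError:
        return FALLBACK_SERVICES[token]

def split_endpoint(endpoint, proto):
    host, port = endpoint.rsplit(":", 1)        # rsplit keeps IPv6 "[::1]" intact
    return host, port_number(port, proto)

def parse_lsof(text):
    """Turn `lsof -i` rows into Conn records; local side first, remote after '->'."""
    conns = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 8)            # NAME (index 8) may contain spaces
        proto, name = fields[7], fields[8]
        addr, state = re.match(r"^(\S+)(?: \((\w+)\))?$", name).groups()
        local, _, remote = addr.partition("->")
        lh, lp = split_endpoint(local, proto)
        rh, rp = split_endpoint(remote, proto) if remote else (None, None)
        conns.append(Conn(fields[0], proto, lh, lp, rh, rp, state))
    return conns

def exposed_listeners(conns):
    """LISTEN sockets on '*' or a non-loopback address are reachable from other hosts."""
    return [c for c in conns if c.state == "LISTEN" and not c.local_host.startswith("127.")]
```

On a real box, feed it the output of `lsof -i -n -P` instead of the sample to skip name resolution entirely; the parser handles numeric ports the same way.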

That question seems rather vague. There are many firewall types (software and hardware). Typically a "firewall" doesn't "originate" packets. The job of a firewall is to pass through or deny packets sent by others (and often it will NAT/PAT the packet to change the apparent IP address if it is a "perimeter firewall").

Thank you very much for this useful information.
Allow me to take advantage of your knowledge and ask you to check whether the following command fits the constraint.
The constraint is that I want to manage a range of ports, allowing traffic from a specified source to be accepted and vice versa. Will it look like this:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx --sport xxxx:xxxx -j ACCEPT

Yes, I see what you mean.
I have just read that the OUTPUT chain is responsible for filtering packets originating from the firewall,
so I wondered what kind of packets would originate from the firewall.